npm - @mondaydotcomorg/monday-authorization - Versions diffs - 1.1.9-featurebelkaauthz-sdk-improved-error-handling.2402 → 1.1.9-featurefilipmcipher-core-flags-client.2760 - Mend

@mondaydotcomorg/monday-authorization 1.1.9-featurebelkaauthz-sdk-improved-error-handling.2402 → 1.1.9-featurefilipmcipher-core-flags-client.2760

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/package.json +5 -5
package/dist/index.d.ts +0 -13
package/dist/index.js +0 -50
package/dist/lib/attributions-service.d.ts +0 -3
package/dist/lib/attributions-service.js +0 -54
package/dist/lib/authorization-attributes-service.d.ts +0 -23
package/dist/lib/authorization-attributes-service.js +0 -68
package/dist/lib/authorization-internal-service.d.ts +0 -15
package/dist/lib/authorization-internal-service.js +0 -78
package/dist/lib/authorization-middleware.d.ts +0 -6
package/dist/lib/authorization-middleware.js +0 -57
package/dist/lib/authorization-service.d.ts +0 -29
package/dist/lib/authorization-service.js +0 -185
package/dist/lib/prometheus-service.d.ts +0 -10
package/dist/lib/prometheus-service.js +0 -50
package/dist/lib/testKit/index.d.ts +0 -11
package/dist/lib/testKit/index.js +0 -58
package/dist/lib/types/authorization-attributes-contracts.d.ts +0 -10
package/dist/lib/types/authorization-attributes-contracts.js +0 -2
package/dist/lib/types/express.d.ts +0 -10
package/dist/lib/types/express.js +0 -1
package/dist/lib/types/general.d.ts +0 -30
package/dist/lib/types/general.js +0 -2
package/dist/lib/types/scoped-actions-contracts.d.ts +0 -38
package/dist/lib/types/scoped-actions-contracts.js +0 -9

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mondaydotcomorg/monday-authorization",
-  "version": "1.1.9-featurebelkaauthz-sdk-improved-error-handling.2402+93ed96694",
+  "version": "1.1.9-featurefilipmcipher-core-flags-client.2760+996328beb",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "license": "BSD-3-Clause",
@@ -10,9 +10,9 @@
   },
   "dependencies": {
     "@mondaydotcomorg/monday-fetch": "^0.0.7",
-    "@mondaydotcomorg/monday-jwt": "^3.0.10",
-    "@mondaydotcomorg/monday-logger": "^3.0.10",
-    "@mondaydotcomorg/trident-backend-api": "^0.21.0",
+    "@mondaydotcomorg/monday-jwt": "^3.0.14",
+    "@mondaydotcomorg/monday-logger": "^4.0.11",
+    "@mondaydotcomorg/trident-backend-api": "^0.23.10",
     "node-fetch": "^2.6.7",
     "on-headers": "^1.0.2",
     "ts-node": "^10.0.0"
@@ -33,5 +33,5 @@
   "files": [
     "dist/"
   ],
-  "gitHead": "93ed96694fd3288d74d2d15e68980bb4fb767621"
+  "gitHead": "996328beba873d81b9dd60aa3273d807a0a57244"
 }

package/dist/index.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import * as TestKit from './lib/testKit';
-export interface InitOptions {
-    prometheus?: any;
-    mondayFetchOptions?: MondayFetchOptions;
-    redisClient?: any;
-    grantedFeatureRedisExpirationInSeconds?: number;
-}
-export declare function init(options?: InitOptions): void;
-export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './lib/authorization-middleware';
-export { AuthorizationService } from './lib/authorization-service';
-export { AuthorizationAttributesService } from './lib/authorization-attributes-service';
-export { TestKit };

package/dist/index.js DELETED Viewed

@@ -1,50 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TestKit = exports.AuthorizationAttributesService = exports.AuthorizationService = exports.skipAuthorizationMiddleware = exports.getAuthorizationMiddleware = exports.authorizationCheckMiddleware = exports.init = void 0;
-const prometheus_service_1 = require("./lib/prometheus-service");
-const authorization_service_1 = require("./lib/authorization-service");
-const TestKit = __importStar(require("./lib/testKit"));
-exports.TestKit = TestKit;
-function init(options = {}) {
-    if (options.prometheus) {
-        (0, prometheus_service_1.setPrometheus)(options.prometheus);
-    }
-    if (options.mondayFetchOptions) {
-        (0, authorization_service_1.setRequestFetchOptions)(options.mondayFetchOptions);
-    }
-    if (options.redisClient) {
-        (0, authorization_service_1.setRedisClient)(options.redisClient, options.grantedFeatureRedisExpirationInSeconds);
-    }
-}
-exports.init = init;
-var authorization_middleware_1 = require("./lib/authorization-middleware");
-Object.defineProperty(exports, "authorizationCheckMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.authorizationCheckMiddleware; } });
-Object.defineProperty(exports, "getAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.getAuthorizationMiddleware; } });
-Object.defineProperty(exports, "skipAuthorizationMiddleware", { enumerable: true, get: function () { return authorization_middleware_1.skipAuthorizationMiddleware; } });
-var authorization_service_2 = require("./lib/authorization-service");
-Object.defineProperty(exports, "AuthorizationService", { enumerable: true, get: function () { return authorization_service_2.AuthorizationService; } });
-var authorization_attributes_service_1 = require("./lib/authorization-attributes-service");
-Object.defineProperty(exports, "AuthorizationAttributesService", { enumerable: true, get: function () { return authorization_attributes_service_1.AuthorizationAttributesService; } });

package/dist/lib/attributions-service.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-export declare function getAttributionsFromApi(): {
-    [key: string]: string;
-};

package/dist/lib/attributions-service.js DELETED Viewed

@@ -1,54 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getAttributionsFromApi = void 0;
-const trident_backend_api_1 = require("@mondaydotcomorg/trident-backend-api");
-const authorization_internal_service_1 = require("./authorization-internal-service");
-const APP_NAME_VARIABLE_KEY = 'APP_NAME';
-const APP_NAME_HEADER_NAME = 'x-caller-app-name-from-sdk';
-const FROM_SDK_HEADER_SUFFIX = `-from-sdk`;
-let didSendFailureLogOnce = false;
-function getAttributionsFromApi() {
-    let callerAppNameFromSdk = {
-        [APP_NAME_HEADER_NAME]: tryJsonParse(getEnvVariable(APP_NAME_VARIABLE_KEY)),
-    };
-    try {
-        const tridentContext = trident_backend_api_1.Api.getPart('context');
-        if (!tridentContext) {
-            return callerAppNameFromSdk;
-        }
-        const { runtimeAttributions } = tridentContext;
-        let runtimeAttributionsOutgoingHeaders = runtimeAttributions === null || runtimeAttributions === void 0 ? void 0 : runtimeAttributions.buildOutgoingHeaders('HTTP_INTERNAL');
-        if (!runtimeAttributionsOutgoingHeaders) {
-            return callerAppNameFromSdk;
-        }
-        const attributionsHeaders = Object.fromEntries(runtimeAttributionsOutgoingHeaders);
-        const attributionHeadersFromSdk = {};
-        Object.keys(attributionsHeaders).forEach(function (key) {
-            attributionHeadersFromSdk[`${key}${FROM_SDK_HEADER_SUFFIX}`] = attributionsHeaders[key];
-        });
-        return attributionHeadersFromSdk;
-    }
-    catch (error) {
-        if (!didSendFailureLogOnce) {
-            authorization_internal_service_1.logger.warn({ tag: 'authorization-service', error }, 'Failed to generate attributions headers from the API. Unexpected error while extracting headers. It may be caused by out of date Trident version.');
-            didSendFailureLogOnce = true;
-        }
-        return callerAppNameFromSdk;
-    }
-}
-exports.getAttributionsFromApi = getAttributionsFromApi;
-function getEnvVariable(key) {
-    const envVar = process.env[key] || process.env[key.toUpperCase()] || process.env[key.toLowerCase()];
-    return envVar;
-}
-function tryJsonParse(value) {
-    if (!value) {
-        return value;
-    }
-    try {
-        return JSON.parse(value);
-    }
-    catch (_err) {
-        return value;
-    }
-}

package/dist/lib/authorization-attributes-service.d.ts DELETED Viewed

@@ -1,23 +0,0 @@
-import { ResourceAttributeAssignment, ResourceAttributeResponse } from './types/authorization-attributes-contracts';
-import { Resource } from './types/general';
-export declare class AuthorizationAttributesService {
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param userId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    static upsertResourceAttributes(accountId: number, userId: number, resourceAttributeAssignments: ResourceAttributeAssignment[]): Promise<ResourceAttributeResponse>;
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param userId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    static deleteResourceAttributes(accountId: number, userId: number, resource: Resource, attributeKeys: string[]): Promise<ResourceAttributeResponse>;
-    private static getResourceAttributesUrl;
-}

package/dist/lib/authorization-attributes-service.js DELETED Viewed

@@ -1,68 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthorizationAttributesService = void 0;
-const monday_fetch_1 = require("@mondaydotcomorg/monday-fetch");
-const authorization_internal_service_1 = require("./authorization-internal-service");
-const attributions_service_1 = require("./attributions-service");
-class AuthorizationAttributesService {
-    /**
-     * Upsert resource attributes synchronously, performing http call to the authorization MS to assign the given attributes to the given resource.
-     * @param accountId
-     * @param userId
-     * @param resourceAttributeAssignments - Array of resource (resourceType, resourceId) and attribute (key, value) pairs to upsert in the authorization MS.
-     * e.g. [{ resourceType: 'board', resourceId: 123, key: 'board_kind', value: 'private' }]
-     * @returns ResourceAttributeResponse - The affected (created and updated_ resource attributes assignments in the `attributes` field.
-     */
-    static upsertResourceAttributes(accountId, userId, resourceAttributeAssignments) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = authorization_internal_service_1.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            const attributionHeaders = (0, attributions_service_1.getAttributionsFromApi)();
-            const response = yield (0, monday_fetch_1.fetch)(this.getResourceAttributesUrl(accountId), {
-                method: 'POST',
-                headers: Object.assign({ Authorization: internalAuthToken, 'Content-Type': 'application/json' }, attributionHeaders),
-                timeout: authorization_internal_service_1.AuthorizationInternalService.getRequestTimeout(),
-                body: JSON.stringify({ resourceAttributeAssignments }),
-            }, authorization_internal_service_1.AuthorizationInternalService.getRequestFetchOptions());
-            const responseBody = yield response.json();
-            authorization_internal_service_1.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'upsertResourceAttributesSync');
-            return { attributes: responseBody['attributes'] };
-        });
-    }
-    /**
-     * Delete resource attributes assignments synchronously, performing http call to the authorization MS to delete the given attributes from the given singular resource.
-     * @param accountId
-     * @param userId
-     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
-     * @param attributeKeys - Array of attribute keys to delete for the resource.
-     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
-     */
-    static deleteResourceAttributes(accountId, userId, resource, attributeKeys) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = authorization_internal_service_1.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            const url = `${this.getResourceAttributesUrl(accountId)}/${resource.type}/${resource.id}`;
-            const attributionHeaders = (0, attributions_service_1.getAttributionsFromApi)();
-            const response = yield (0, monday_fetch_1.fetch)(url, {
-                method: 'DELETE',
-                headers: Object.assign({ Authorization: internalAuthToken, 'Content-Type': 'application/json' }, attributionHeaders),
-                timeout: authorization_internal_service_1.AuthorizationInternalService.getRequestTimeout(),
-                body: JSON.stringify({ keys: attributeKeys }),
-            }, authorization_internal_service_1.AuthorizationInternalService.getRequestFetchOptions());
-            const responseBody = yield response.json();
-            authorization_internal_service_1.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'deleteResourceAttributesSync');
-            return { attributes: responseBody['attributes'] };
-        });
-    }
-    static getResourceAttributesUrl(accountId) {
-        return `${process.env.AUTHORIZATION_URL}/attributes/${accountId}/resource`;
-    }
-}
-exports.AuthorizationAttributesService = AuthorizationAttributesService;

package/dist/lib/authorization-internal-service.d.ts DELETED Viewed

@@ -1,15 +0,0 @@
-/// <reference types="bunyan" />
-import { Request } from 'express';
-import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import * as MondayLogger from '@mondaydotcomorg/monday-logger';
-export declare const logger: MondayLogger.Logger;
-export declare class AuthorizationInternalService {
-    static skipAuthorization(requset: Request): void;
-    static markAuthorized(request: Request): void;
-    static failIfNotCoveredByAuthorization(request: Request): void;
-    static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
-    static generateInternalAuthToken(accountId: number, userId: number): string;
-    static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
-    static getRequestFetchOptions(): MondayFetchOptions;
-    static getRequestTimeout(): 60000 | 2000;
-}

package/dist/lib/authorization-internal-service.js DELETED Viewed

@@ -1,78 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthorizationInternalService = exports.logger = void 0;
-const monday_jwt_1 = require("@mondaydotcomorg/monday-jwt");
-const MondayLogger = __importStar(require("@mondaydotcomorg/monday-logger"));
-const INTERNAL_APP_NAME = 'internal_ms';
-const defaultMondayFetchOptions = {
-    retries: 3,
-    callback: logOnFetchFail,
-};
-function logOnFetchFail(retriesLeft, error) {
-    if (retriesLeft == 0) {
-        exports.logger.error({ retriesLeft, error }, 'Authorization attempt failed due to network issues');
-    }
-    else {
-        exports.logger.info({ retriesLeft, error }, 'Authorization attempt failed due to network issues, trying again');
-    }
-}
-let mondayFetchOptions = defaultMondayFetchOptions;
-exports.logger = MondayLogger.getLogger();
-class AuthorizationInternalService {
-    static skipAuthorization(requset) {
-        requset.authorizationSkipPerformed = true;
-    }
-    static markAuthorized(request) {
-        request.authorizationCheckPerformed = true;
-    }
-    static failIfNotCoveredByAuthorization(request) {
-        if (!request.authorizationCheckPerformed && !request.authorizationSkipPerformed) {
-            throw 'Endpoint is not covered by authorization check';
-        }
-    }
-    static throwOnHttpErrorIfNeeded(response, placement) {
-        if (response.ok) {
-            return;
-        }
-        const status = response.status;
-        exports.logger.error({ tag: 'authorization-service', placement, status }, 'AuthorizationService: authorization request failed');
-        throw new Error(`AuthorizationService: [${placement}] authorization request failed with status ${status}`);
-    }
-    static generateInternalAuthToken(accountId, userId) {
-        return (0, monday_jwt_1.signAuthorizationHeader)({ appName: INTERNAL_APP_NAME, accountId, userId });
-    }
-    static setRequestFetchOptions(customMondayFetchOptions) {
-        mondayFetchOptions = Object.assign(Object.assign({}, defaultMondayFetchOptions), customMondayFetchOptions);
-    }
-    static getRequestFetchOptions() {
-        return mondayFetchOptions;
-    }
-    static getRequestTimeout() {
-        const isDevEnv = process.env.NODE_ENV === 'development';
-        return isDevEnv ? 60000 : 2000;
-    }
-}
-exports.AuthorizationInternalService = AuthorizationInternalService;

package/dist/lib/authorization-middleware.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-import { NextFunction } from 'express';
-import { Action, BaseRequest, BaseResponse, Context, ContextGetter, ResourceGetter } from './types/general';
-export declare function getAuthorizationMiddleware(action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter): (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;
-export declare function skipAuthorizationMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
-export declare function authorizationCheckMiddleware(request: BaseRequest, response: BaseResponse, next: NextFunction): void;
-export declare function defaultContextGetter(request: BaseRequest): Context;

package/dist/lib/authorization-middleware.js DELETED Viewed

@@ -1,57 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultContextGetter = exports.authorizationCheckMiddleware = exports.skipAuthorizationMiddleware = exports.getAuthorizationMiddleware = void 0;
-const on_headers_1 = __importDefault(require("on-headers"));
-const authorization_internal_service_1 = require("./authorization-internal-service");
-const authorization_service_1 = require("./authorization-service");
-// getAuthorizationMiddleware is duplicated in testKit/index.ts
-// If you are making changes to this function, please make sure to update the other file as well
-function getAuthorizationMiddleware(action, resourceGetter, contextGetter) {
-    return function authorizationMiddleware(request, response, next) {
-        return __awaiter(this, void 0, void 0, function* () {
-            contextGetter || (contextGetter = defaultContextGetter);
-            const { userId, accountId } = contextGetter(request);
-            const resources = resourceGetter(request);
-            const { isAuthorized } = yield authorization_service_1.AuthorizationService.isAuthorized(accountId, userId, resources, action);
-            authorization_internal_service_1.AuthorizationInternalService.markAuthorized(request);
-            if (!isAuthorized) {
-                response.status(403).json({ message: 'Access denied' });
-                return;
-            }
-            next();
-        });
-    };
-}
-exports.getAuthorizationMiddleware = getAuthorizationMiddleware;
-function skipAuthorizationMiddleware(request, response, next) {
-    authorization_internal_service_1.AuthorizationInternalService.skipAuthorization(request);
-    next();
-}
-exports.skipAuthorizationMiddleware = skipAuthorizationMiddleware;
-function authorizationCheckMiddleware(request, response, next) {
-    if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') {
-        (0, on_headers_1.default)(response, function () {
-            if (response.statusCode < 400) {
-                authorization_internal_service_1.AuthorizationInternalService.failIfNotCoveredByAuthorization(request);
-            }
-        });
-    }
-    next();
-}
-exports.authorizationCheckMiddleware = authorizationCheckMiddleware;
-function defaultContextGetter(request) {
-    return request.payload;
-}
-exports.defaultContextGetter = defaultContextGetter;

package/dist/lib/authorization-service.d.ts DELETED Viewed

@@ -1,29 +0,0 @@
-import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
-import { Action, AuthorizationObject, Resource } from './types/general';
-import { ScopedAction, ScopedActionPermit, ScopedActionResponseObject, ScopeOptions } from './types/scoped-actions-contracts';
-export interface AuthorizeResponse {
-    isAuthorized: boolean;
-    unauthorizedIds?: number[];
-    unauthorizedObjects?: AuthorizationObject[];
-}
-export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
-export declare function setRedisClient(client: any, grantedFeatureRedisExpirationInSeconds?: number): void;
-export declare class AuthorizationService {
-    static redisClient?: any;
-    static grantedFeatureRedisExpirationInSeconds?: number;
-    /**
-     * @deprecated use the second form with authorizationRequestObjects instead,
-     * support of this function will be dropped gradually
-     */
-    static isAuthorized(accountId: number, userId: number, resources: Resource[], action: Action): Promise<AuthorizeResponse>;
-    static isAuthorized(accountId: number, userId: number, authorizationRequestObjects: AuthorizationObject[]): Promise<AuthorizeResponse>;
-    static isUserGrantedWithFeature(accountId: number, userId: number, featureName: string, options?: {
-        shouldSkipCache?: boolean;
-    }): Promise<boolean>;
-    private static fetchIsUserGrantedWithFeature;
-    private static getCachedKeyName;
-    static canActionInScope(accountId: number, userId: number, action: string, scope: ScopeOptions): Promise<ScopedActionPermit>;
-    static canActionInScopeMultiple(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
-    private static isAuthorizedSingular;
-    private static isAuthorizedMultiple;
-}

package/dist/lib/authorization-service.js DELETED Viewed

@@ -1,185 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthorizationService = exports.setRedisClient = exports.setRequestFetchOptions = void 0;
-const lodash_1 = require("lodash");
-const perf_hooks_1 = require("perf_hooks");
-const monday_fetch_1 = require("@mondaydotcomorg/monday-fetch");
-const prometheus_service_1 = require("./prometheus-service");
-const authorization_internal_service_1 = require("./authorization-internal-service");
-const attributions_service_1 = require("./attributions-service");
-const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
-function setRequestFetchOptions(customMondayFetchOptions) {
-    authorization_internal_service_1.AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
-}
-exports.setRequestFetchOptions = setRequestFetchOptions;
-function setRedisClient(client, grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS) {
-    AuthorizationService.redisClient = client;
-    if (grantedFeatureRedisExpirationInSeconds && grantedFeatureRedisExpirationInSeconds > 0) {
-        AuthorizationService.grantedFeatureRedisExpirationInSeconds = grantedFeatureRedisExpirationInSeconds;
-    }
-    else {
-        authorization_internal_service_1.logger.warn({ grantedFeatureRedisExpirationInSeconds }, 'Invalid input for grantedFeatureRedisExpirationInSeconds, must be positive number. using default ttl.');
-        AuthorizationService.grantedFeatureRedisExpirationInSeconds = GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS;
-    }
-}
-exports.setRedisClient = setRedisClient;
-class AuthorizationService {
-    static isAuthorized(...args) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (args.length === 3) {
-                return this.isAuthorizedMultiple(args[0], args[1], args[2]);
-            }
-            else if (args.length == 4) {
-                return this.isAuthorizedSingular(args[0], args[1], args[2], args[3]);
-            }
-            else {
-                throw new Error('isAuthorized accepts either 3 or 4 arguments');
-            }
-        });
-    }
-    static isUserGrantedWithFeature(accountId, userId, featureName, options = {}) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            let cachedKey = this.getCachedKeyName(userId, featureName);
-            const shouldSkipCache = (_a = options.shouldSkipCache) !== null && _a !== void 0 ? _a : false;
-            if (this.redisClient && !shouldSkipCache) {
-                let grantedFeatureValue = yield this.redisClient.get(cachedKey);
-                if (!(grantedFeatureValue === undefined || grantedFeatureValue === null)) {
-                    // redis returns the value as string
-                    return grantedFeatureValue === 'true';
-                }
-            }
-            let grantedFeatureValue = yield this.fetchIsUserGrantedWithFeature(featureName, accountId, userId);
-            if (this.redisClient) {
-                yield this.redisClient.set(cachedKey, grantedFeatureValue, 'EX', this.grantedFeatureRedisExpirationInSeconds);
-            }
-            return grantedFeatureValue;
-        });
-    }
-    static fetchIsUserGrantedWithFeature(featureName, accountId, userId) {
-        return __awaiter(this, void 0, void 0, function* () {
-            let authorizationObject = {
-                action: featureName,
-                resource_type: 'feature',
-            };
-            let authorizeResponsePromise = yield this.isAuthorized(accountId, userId, [authorizationObject]);
-            return authorizeResponsePromise.isAuthorized;
-        });
-    }
-    static getCachedKeyName(userId, featureName) {
-        return `granted-feature-${featureName}-${userId}`;
-    }
-    static canActionInScope(accountId, userId, action, scope) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const scopedActions = [{ action, scope }];
-            const scopedActionResponseObjects = yield this.canActionInScopeMultiple(accountId, userId, scopedActions);
-            return scopedActionResponseObjects[0].permit;
-        });
-    }
-    static canActionInScopeMultiple(accountId, userId, scopedActions) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = authorization_internal_service_1.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            const scopedActionsPayload = scopedActions.map(scopedAction => {
-                return Object.assign(Object.assign({}, scopedAction), { scope: (0, lodash_1.mapKeys)(scopedAction.scope, (_, key) => (0, lodash_1.snakeCase)(key)) }); // for example: { workspaceId: 1 } => { workspace_id: 1 }
-            });
-            const attributionHeaders = (0, attributions_service_1.getAttributionsFromApi)();
-            const response = yield (0, monday_fetch_1.fetch)(getCanActionsInScopesUrl(), {
-                method: 'POST',
-                headers: Object.assign({ Authorization: internalAuthToken, 'Content-Type': 'application/json' }, attributionHeaders),
-                timeout: authorization_internal_service_1.AuthorizationInternalService.getRequestTimeout(),
-                body: JSON.stringify({
-                    user_id: userId,
-                    scoped_actions: scopedActionsPayload,
-                }),
-            }, authorization_internal_service_1.AuthorizationInternalService.getRequestFetchOptions());
-            authorization_internal_service_1.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'canActionInScopeMultiple');
-            const responseBody = yield response.json();
-            const camelCaseKeys = obj => Object.fromEntries(Object.entries(obj).map(([key, value]) => [(0, lodash_1.camelCase)(key), value]));
-            const scopedActionsResponseObjects = responseBody.result.map(responseObject => {
-                const { scopedAction, permit } = responseObject;
-                const { scope } = scopedAction;
-                const transformKeys = obj => camelCaseKeys(obj);
-                return Object.assign(Object.assign({}, responseObject), { scopedAction: Object.assign(Object.assign({}, scopedAction), { scope: transformKeys(scope) }), permit: transformKeys(permit) });
-            });
-            return scopedActionsResponseObjects;
-        });
-    }
-    static isAuthorizedSingular(accountId, userId, resources, action) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { authorizationObjects } = createAuthorizationParams(resources, action);
-            return this.isAuthorizedMultiple(accountId, userId, authorizationObjects);
-        });
-    }
-    static isAuthorizedMultiple(accountId, userId, authorizationRequestObjects) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const internalAuthToken = authorization_internal_service_1.AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
-            const startTime = perf_hooks_1.performance.now();
-            const attributionHeaders = (0, attributions_service_1.getAttributionsFromApi)();
-            const response = yield (0, monday_fetch_1.fetch)(getAuthorizeUrl(), {
-                method: 'POST',
-                headers: Object.assign({ Authorization: internalAuthToken, 'Content-Type': 'application/json' }, attributionHeaders),
-                timeout: authorization_internal_service_1.AuthorizationInternalService.getRequestTimeout(),
-                body: JSON.stringify({
-                    user_id: userId,
-                    authorize_request_objects: authorizationRequestObjects,
-                }),
-            }, authorization_internal_service_1.AuthorizationInternalService.getRequestFetchOptions());
-            const endTime = perf_hooks_1.performance.now();
-            const time = endTime - startTime;
-            const responseStatus = response.status;
-            (0, prometheus_service_1.sendAuthorizationChecksPerRequestMetric)(responseStatus, authorizationRequestObjects.length);
-            authorization_internal_service_1.AuthorizationInternalService.throwOnHttpErrorIfNeeded(response, 'isAuthorizedMultiple');
-            const responseBody = yield response.json();
-            const unauthorizedObjects = [];
-            responseBody.result.forEach(function (isAuthorized, index) {
-                const authorizationObject = authorizationRequestObjects[index];
-                if (!isAuthorized) {
-                    unauthorizedObjects.push(authorizationObject);
-                }
-                (0, prometheus_service_1.sendAuthorizationCheckResponseTimeMetric)(authorizationObject.resource_type, authorizationObject.action, isAuthorized, responseStatus, time);
-            });
-            if (unauthorizedObjects.length > 0) {
-                authorization_internal_service_1.logger.info({
-                    resources: JSON.stringify(unauthorizedObjects),
-                }, 'AuthorizationService: resource is unauthorized');
-                const unauthorizedIds = unauthorizedObjects
-                    .filter(obj => !!obj.resource_id)
-                    .map(obj => obj.resource_id);
-                return { isAuthorized: false, unauthorizedIds, unauthorizedObjects };
-            }
-            return { isAuthorized: true };
-        });
-    }
-}
-exports.AuthorizationService = AuthorizationService;
-function createAuthorizationParams(resources, action) {
-    const params = {
-        authorizationObjects: resources.map((resource) => {
-            const authorizationObject = {
-                resource_id: resource.id,
-                resource_type: resource.type,
-                action,
-            };
-            if (resource.wrapperData) {
-                authorizationObject.wrapper_data = resource.wrapperData;
-            }
-            return authorizationObject;
-        }),
-    };
-    return params;
-}
-function getAuthorizeUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/authorize`;
-}
-function getCanActionsInScopesUrl() {
-    return `${process.env.MONDAY_INTERNAL_URL}/internal_ms/authorization/can_actions_in_scopes`;
-}

package/dist/lib/prometheus-service.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import { Action } from './types/general';
-export declare const METRICS: {
-    AUTHORIZATION_CHECK: string;
-    AUTHORIZATION_CHECKS_PER_REQUEST: string;
-    AUTHORIZATION_CHECK_RESPONSE_TIME: string;
-};
-export declare function setPrometheus(customPrometheus: any): void;
-export declare function getMetricsManager(): any;
-export declare function sendAuthorizationChecksPerRequestMetric(responseStatus: any, amountOfAuthorizationObjects: any): void;
-export declare function sendAuthorizationCheckResponseTimeMetric(resourceType: string, action: Action, isAuthorized: boolean, responseStatus: number, time: number): void;

package/dist/lib/prometheus-service.js DELETED Viewed

@@ -1,50 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendAuthorizationCheckResponseTimeMetric = exports.sendAuthorizationChecksPerRequestMetric = exports.getMetricsManager = exports.setPrometheus = exports.METRICS = void 0;
-let prometheus = null;
-let authorizationChecksPerRequestMetric = null;
-let authorizationCheckResponseTimeMetric = null;
-exports.METRICS = {
-    AUTHORIZATION_CHECK: 'authorization_check',
-    AUTHORIZATION_CHECKS_PER_REQUEST: 'authorization_checks_per_request',
-    AUTHORIZATION_CHECK_RESPONSE_TIME: 'authorization_check_response_time',
-};
-const authorizationChecksPerRequestMetricConfig = {
-    name: exports.METRICS.AUTHORIZATION_CHECKS_PER_REQUEST,
-    labels: ['responseStatus'],
-    description: 'Authorization checks per request summary',
-};
-const authorizationCheckResponseTimeMetricConfig = {
-    name: exports.METRICS.AUTHORIZATION_CHECK_RESPONSE_TIME,
-    labels: ['resourceType', 'action', 'isAuthorized', 'responseStatus'],
-    description: 'Authorization check response time summary',
-};
-function setPrometheus(customPrometheus) {
-    prometheus = customPrometheus;
-    const { METRICS_TYPES } = prometheus;
-    authorizationChecksPerRequestMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationChecksPerRequestMetricConfig.name, authorizationChecksPerRequestMetricConfig.labels, authorizationChecksPerRequestMetricConfig.description);
-    authorizationCheckResponseTimeMetric = getMetricsManager().addMetric(METRICS_TYPES.SUMMARY, authorizationCheckResponseTimeMetricConfig.name, authorizationCheckResponseTimeMetricConfig.labels, authorizationCheckResponseTimeMetricConfig.description);
-}
-exports.setPrometheus = setPrometheus;
-function getMetricsManager() {
-    return prometheus === null || prometheus === void 0 ? void 0 : prometheus.metricsManager;
-}
-exports.getMetricsManager = getMetricsManager;
-function sendAuthorizationChecksPerRequestMetric(responseStatus, amountOfAuthorizationObjects) {
-    try {
-        if (authorizationChecksPerRequestMetric) {
-            authorizationChecksPerRequestMetric.labels(responseStatus).observe(amountOfAuthorizationObjects);
-        }
-    }
-    catch (e) { }
-}
-exports.sendAuthorizationChecksPerRequestMetric = sendAuthorizationChecksPerRequestMetric;
-function sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, responseStatus, time) {
-    try {
-        if (authorizationCheckResponseTimeMetric) {
-            authorizationCheckResponseTimeMetric.labels(resourceType, action, isAuthorized, responseStatus).observe(time);
-        }
-    }
-    catch (e) { }
-}
-exports.sendAuthorizationCheckResponseTimeMetric = sendAuthorizationCheckResponseTimeMetric;

package/dist/lib/testKit/index.d.ts DELETED Viewed

@@ -1,11 +0,0 @@
-import { NextFunction } from "express";
-import { Action, BaseRequest, BaseResponse, ContextGetter, Resource, ResourceGetter } from "../types/general";
-export type TestPermittedAction = {
-    accountId: number;
-    userId: number;
-    resources: Resource[];
-    action: Action;
-};
-export declare const addTestPermittedAction: (accountId: number, userId: number, resources: Resource[], action: Action) => void;
-export declare const clearTestPermittedActions: () => void;
-export declare const getTestAuthorizationMiddleware: (action: Action, resourceGetter: ResourceGetter, contextGetter?: ContextGetter) => (request: BaseRequest, response: BaseResponse, next: NextFunction) => Promise<void>;

package/dist/lib/testKit/index.js DELETED Viewed

@@ -1,58 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getTestAuthorizationMiddleware = exports.clearTestPermittedActions = exports.addTestPermittedAction = void 0;
-const authorization_middleware_1 = require("../authorization-middleware");
-const authorization_internal_service_1 = require("../authorization-internal-service");
-let testPermittedActions = [];
-const addTestPermittedAction = (accountId, userId, resources, action) => {
-    testPermittedActions.push({ accountId, userId, resources, action });
-};
-exports.addTestPermittedAction = addTestPermittedAction;
-const clearTestPermittedActions = () => {
-    testPermittedActions = [];
-};
-exports.clearTestPermittedActions = clearTestPermittedActions;
-const isActionAuthorized = (accountId, userId, resources, action) => {
-    return {
-        isAuthorized: resources.every(resource => {
-            return testPermittedActions.some(combination => {
-                return combination.accountId === accountId &&
-                    combination.userId === userId &&
-                    combination.action === action &&
-                    combination.resources.some(combinationResource => {
-                        return resources.some(resource => {
-                            return combinationResource.id === resource.id &&
-                                combinationResource.type === resource.type &&
-                                JSON.stringify(combinationResource.wrapperData) === JSON.stringify(resource.wrapperData);
-                        });
-                    });
-            });
-        })
-    };
-};
-const getTestAuthorizationMiddleware = (action, resourceGetter, contextGetter) => {
-    return function authorizationMiddleware(request, response, next) {
-        return __awaiter(this, void 0, void 0, function* () {
-            contextGetter || (contextGetter = authorization_middleware_1.defaultContextGetter);
-            const { userId, accountId } = contextGetter(request);
-            const resources = resourceGetter(request);
-            const { isAuthorized } = isActionAuthorized(accountId, userId, resources, action);
-            authorization_internal_service_1.AuthorizationInternalService.markAuthorized(request);
-            if (!isAuthorized) {
-                response.status(403).json({ message: 'Access denied' });
-                return;
-            }
-            next();
-        });
-    };
-};
-exports.getTestAuthorizationMiddleware = getTestAuthorizationMiddleware;

package/dist/lib/types/authorization-attributes-contracts.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import { Resource } from './general';
-export interface ResourceAttributeAssignment {
-    resourceType: Resource['type'];
-    resourceId: Resource['id'];
-    key: string;
-    value: string;
-}
-export interface ResourceAttributeResponse {
-    attributes: ResourceAttributeAssignment[];
-}

package/dist/lib/types/authorization-attributes-contracts.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- "use strict";
2	- Object.defineProperty(exports, "__esModule", { value: true });

package/dist/lib/types/express.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-declare namespace Express {
-    interface Request {
-        payload: {
-            accountId: number;
-            userId: number;
-        };
-        authorizationCheckPerformed: boolean;
-        authorizationSkipPerformed: boolean;
-    }
-}

package/dist/lib/types/express.js DELETED Viewed

	@@ -1 +0,0 @@
1	- "use strict";

package/dist/lib/types/general.d.ts DELETED Viewed

@@ -1,30 +0,0 @@
-import { Request, Response } from 'express';
-export interface Resource {
-    id?: number;
-    type: string;
-    wrapperData?: object;
-}
-export type Action = string;
-export type ResourceGetter = (request: BaseRequest) => Resource[];
-export interface Context {
-    accountId: number;
-    userId: number;
-}
-export type ContextGetter = (request: BaseRequest) => Context;
-export interface AuthorizationObject {
-    resource_id?: Resource['id'];
-    resource_type: Resource['type'];
-    wrapper_data?: Resource['wrapperData'];
-    action: Action;
-}
-export interface AuthorizationParams {
-    authorizationObjects: AuthorizationObject[];
-}
-type BasicObject = {};
-export type BaseParameters = BasicObject;
-export type BaseResponseBody = BasicObject;
-export type BaseBodyParameters = BasicObject;
-export type BaseQueryParameters = BasicObject;
-export type BaseRequest = Request<BaseParameters, BaseResponseBody, BaseBodyParameters, BaseQueryParameters>;
-export type BaseResponse = Response<BaseResponseBody>;
-export {};

package/dist/lib/types/general.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- "use strict";
2	- Object.defineProperty(exports, "__esModule", { value: true });

package/dist/lib/types/scoped-actions-contracts.d.ts DELETED Viewed

@@ -1,38 +0,0 @@
-export interface WorkspaceScope {
-    workspaceId: number;
-}
-export interface BoardScope {
-    boardId: number;
-}
-export interface PulseScope {
-    pulseId: number;
-}
-export interface AccountProductScope {
-    accountProductId: number;
-}
-export interface AccountScope {
-    accountId: number;
-}
-export type ScopeOptions = WorkspaceScope | BoardScope | PulseScope | AccountProductScope | AccountScope;
-export interface Translation {
-    key: string;
-    [option: string]: string;
-}
-export declare enum PermitTechnicalReason {
-    NO_REASON = 0,
-    NOT_ELIGIBLE = 1,
-    BY_ROLE_IN_SCOPE = 2
-}
-export interface ScopedActionPermit {
-    can: boolean;
-    reason: Translation;
-    technicalReason: PermitTechnicalReason;
-}
-export interface ScopedAction {
-    action: string;
-    scope: ScopeOptions;
-}
-export interface ScopedActionResponseObject {
-    scopedAction: ScopedAction;
-    permit: ScopedActionPermit;
-}

package/dist/lib/types/scoped-actions-contracts.js DELETED Viewed

@@ -1,9 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PermitTechnicalReason = void 0;
-var PermitTechnicalReason;
-(function (PermitTechnicalReason) {
-    PermitTechnicalReason[PermitTechnicalReason["NO_REASON"] = 0] = "NO_REASON";
-    PermitTechnicalReason[PermitTechnicalReason["NOT_ELIGIBLE"] = 1] = "NOT_ELIGIBLE";
-    PermitTechnicalReason[PermitTechnicalReason["BY_ROLE_IN_SCOPE"] = 2] = "BY_ROLE_IN_SCOPE";
-})(PermitTechnicalReason || (exports.PermitTechnicalReason = PermitTechnicalReason = {}));